SSLDUMP "OpenSSL: decryption enabled." meaning..

I've found it much more useful to do a tcpdump first, then read the pcap file with ssldump. It also gives you more flexibility to analyze the dump with Wireshark as well as convert it through ssldump.

tcpdump -vvnni 0.0:nnnp -s0 host ip_address -w /shared/tmp/file.pcap

This command captures end-to-end packets that can be traced using the F5 plugin for Wireshark.

This is also included in a script I published today.

Finally (If you have access to the key):

ssldump -Aednr /var/tmp/file.pcap -k /config/filestore/files_d/Common_d/certificate_key_d/:Common:file.key__ > /shared/tmp/file.txt

Kur,

You're options don't look correct to me. Have you followed this solution: Overview of Packet Tracking with Ssldump? the -r switch reads a file so you don't need to specify the interface or host. If you want to capture/decrypt live traffic then suggest you take a look at this DC article Troubleshooting TLS Problems With ssldump.

My recommendation is to capture the traffic first with tcpdump and use ssldump offline to read the capture. You can use just the -nr switch (+file) to check record messages, but you'll need to provide a key to decrypt the application traffic.

Hope this helps,

N